R98

New features

• "Remember my device". Allows a user to skip 2FA when using the same device. After successful authentication if the user is required to authenticate using second factor the user can tick ‘remember device’ checkbox on selected 2FA option screen. If the authentication is successful the user’s device metadata is stored in the database as trusted device. Next time authentication is performed and user skips 2FA using trusted device the Second factor authentication skipped event is generated.
• Added events for operations on trusted devices - creation (173), deletion by user (175) and deletion by admin (176).

Bug Fixes

• Fixed an issue when identity links API fail with “Peer not authenticated“ when connecting to remote https service
• Upgraded all services to latest java 11
• Fixed id token validation when token is signed with Elliptic Curve (EC)
• User-info is now updated when the profile is changed and when using the persona flow
• Fixed an issue where sending an XSS payload through client side request (CSR) resulted in reflected XSS.
• Improved performance for several SCIM requests
• Fixed an issue where enhancing OAuth claims with RITM data failed for attributes defined with URN schema.
• Fixed an issue where successful 1FA with QR-code with mandatory 2FA was throwing a NullPointerException.
• Fixed issue with form not being submitted and instead showing errors when workflow form is autofilled with data